Threat Modeling for Remote Workers
Not everyone needs the same level of security. A freelance writer and an investigative journalist face very different threats. Here's how to assess your actual risk level and build the right security stack.
Security Profiles
Standard Remote Worker
Threat level: Medium
Main Threats: ISP monitoring, public Wi-Fi attacks, phishing, weak passwords
Recommended Stack: VPN (NordVPN/Surfshark), password manager, 2FA (authenticator app), software updates
Probably Overkill: Tor, Tails OS, hardware security keys for every account
Freelancer Handling Client Data
Threat level: Medium-High
Main Threats: Data breaches exposing client info, insecure file sharing, phishing targeting invoices
Recommended Stack: VPN, password manager, 2FA, encrypted file sharing (Proton Drive), client data encryption, cyber insurance
Probably Overkill: Air-gapped computers, Faraday bags
Executive / Decision Maker
Threat level: High
Main Threats: Spear phishing, CEO fraud, business email compromise, targeted attacks, deep fakes
Recommended Stack: VPN with dedicated IP, hardware security keys (YubiKey), encrypted communications (Signal), executive protection training
Probably Overkill: Tor for daily browsing (too slow for work)
Journalist / Activist
Threat level: Very High
Main Threats: State surveillance, targeted hacking, device seizure at borders, source protection
Recommended Stack: VPN (Mullvad/Proton), Tor Browser, Signal, full-disk encryption, hardware keys, Tails OS for sensitive work, travel devices
Probably Overkill: Nothing is overkill at this threat level
Developer with Production Access
Threat level: High
Main Threats: Supply chain attacks, credential theft, compromised CI/CD, insider threats
Recommended Stack: VPN, hardware security keys, signed commits, secrets manager, least-privilege IAM, endpoint detection
Probably Overkill: Disconnecting from internet entirely
The Universal Baseline (Everyone)
Regardless of your threat level, everyone should have:
1. Password manager with unique passwords
2. 2FA on email and critical accounts
3. VPN on all devices
4. Full-disk encryption enabled
5. Automatic software updates
6. Regular backups (3-2-1 rule)